Embed Size (px)
Citation preview
SonicWall® Web Application Firewall 2.0Release Notes
February 2018
These release notes provide information about the SonicWall® Web Application Firewall 2.0 release.
Topics:
• About SonicWall WAF 2.0
• Supported Platforms
• Key Features
• Resolved Issues
• Known Issues
• System Compatibility
• Product Licensing
• Upgrading Information
• SonicWall Support
About SonicWall WAF 2.0SonicWall Web Application Firewall secures web applications against advanced web attacks including OWASP Top Ten, providing protection against malicious injection and cross‐site scripting attacks, credit card and SSN theft, cookie tampering and cross‐site request forgery
See the Key Features section for information about SonicWall WAF features.
Supported PlatformsSonicWall WAF 2.0 is supported on the following platforms:
• Amazon Web Services (AWS)
• Microsoft Azure
• VMware ESXi 6.5
• Microsoft Hyper‐V Manager 6.2 / 6.3
SonicWall Web Application Firewall 2.0Release Notes
1
Key FeaturesThis section describes the key features in SonicWall WAF 2.0. You can also find WAF feature information in the SonicWall Secure Mobile Access 8.6 Admin Guide, available at: https://www.sonicwall.com/en‐us/support/technical‐
documentation/secure‐mobile‐access‐8‐6‐admin‐guide‐(1).
Topics:
• Web Security Features
• SSL Inspection
• Authentication and Authorization
• Geo IP/Botnet Filter
• Licensing
• ADC Features
• Management and Reporting
Web Security Features• Protection Against Most Common Threats (anti‐evasive inspection)
• High performance inspection engine
• Automatic Signature Updates
• Credit Card/SSN Data Masking
• Sensitive Data Blocking
• Web Server Fingerprint Protection
• CSRF Protection
• Cookie Tampering Protection
• DoS Protection
• Custom Rules
• Rate Limiting (brute force prevention)
• App Profiling
• Custom Error Response
SSL Inspection• HTTPS Inspection
• Perfect Forward Secrecy
Authentication and Authorization• Stacked Authentication (2FA, OTP, client‐cert, etc.)
• Secure Session Logout
SonicWall Web Application Firewall 2.0Release Notes
2
Geo IP/Botnet Filter• Geo IP Visualization and Policies
• Botnet Filter and Remediation
Licensing• WAF Tiered Licensing (BYOL for AWS and Azure)
ADC Features• App Offloading (with SSL Offloading support)
• Acceleration Features (caching, compression, TCP opt)
• Layer‐7 Load Balancing
• Website Health Monitoring
Management and Reporting• Threats and Performance Dashboard
• PDF Reporting
• Management Portal and CLI
• SNMP Management
• Event Logging and Syslog
• Access Logs
• Audit Log
• Email Alerts
• 1‐Click False Positive Reporting
• Automatic Software Updates
• System Monitoring and Diagnostics
Resolved IssuesThis section provides a list of issues that are resolved in this release.
App Offloading
Resolved issue Issue ID
The search function on an offloaded website does not work, and a core dump error appears in nginx.log.
Occurs when a web app is created to offload www.sonicwall.com, then the offloaded site is accessed and search is attempted.
198498
SonicWall Web Application Firewall 2.0Release Notes
3
Known IssuesThis section provides a list of known issues in this release.
App Offloading Features Not Supported in WAF 2.0The following authentication related App Offloading features from WAF 1.8 are not supported in WAF 2.0:
• For the Exchange application, authentication is only supported for OWA. Email Client Authentication (including ActiveSync and Outlook Anywhere) is not supported.
• Proxy NTLM authentication is not supported. The backend server should choose Basic Authentication as a workaround.
• SSO (automatic log in using Single Sign‐On) is not supported and corresponding settings are removed.
Security Settings
Resolved issue Issue ID
The CSRF Protection Page is not displayed, but a blank page or an error is displayed.
Occurs when a CSRF Attack is triggered on a web app with CSRF Protection / Cookie Tampering Protection enabled.
198436
Certificates
Known issue Issue ID
The Certificate Revocation List (CRL) status remains “Pending download”.
Occurs when CRL via URL is selected for the CRL, after the CRL is successfully downloaded.
197981
Licensing
Known issue Issue ID
Analyzer is not supported for WAF 2.0, but the service is displayed on the System > Licenses page and can be licensed.
197453
Nodes/Users license information is shown on the System > Licenses page, although WAF licensing is tier‐based and not based on the number of nodes or users.
190544
Security Settings
Known issue Issue ID
WAF threat protection prevents resource access.
Occurs when accessing an offloaded portal with app profiling and threat rule detection enabled, but Comprehensive Signature Protection is disabled. This changes WAF threat protection from detect to prevent.
198733
User Interface
Known issue Issue ID
Hyperlinks on signature information page redirect to #404 error.
Occurs when the administrator clicks on a WAF Signature URL from the Web Security > Signatures page.
191020
SonicWall Web Application Firewall 2.0Release Notes
4
System CompatibilityThis section provides additional information about hardware and software compatibility with this release.
Browser SupportSonicWall recommends using the latest Chrome, Firefox, Internet Explorer, or Safari browsers for administration of SonicWall WAF. This release supports the following web browsers:
• Chrome 45.0 and higher
• Firefox 25.0 and higher
• IE Edge or IE 10.0 and higher
• Safari 10.0 and higher running on non‐Windows machines
Product LicensingSonicWall WAF platforms must be registered on MySonicWall to enable full functionality and the benefits of SonicWall software updates and technical support. Log in or register for a MySonicWall account at https://mysonicwall.com.
Additionally, WAF Tiered Subscription Service needs to be licensed to activate SonicWall WAF features. For more information, refer to the WAF 2.0 Deployment Guide for your platform.
Upgrading InformationFor information about obtaining the latest software, upgrading the software image on your SonicWall WAF, see the WAF 2.0 Deployment Guide for your platform, available on the Support portal at https://www.sonicwall.com/support/technical‐documentation.
SonicWall SupportTechnical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions.
The Support Portal provides self‐help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
NOTE: On Windows machines, Safari is not supported for SonicWall WAF management.
NOTE: Mobile device browsers are not recommended for SonicWall WAF system administration.
SonicWall Web Application Firewall 2.0Release Notes
5
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact‐support.
SonicWall Web Application Firewall 2.0Release Notes
6
Copyright © 2018 SonicWall Inc. All rights reserved.
This product is protected by U.S. and international copyright and intellectual property laws. SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates' products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON‐ INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserve the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc.. and/or its affiliates do not make any commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/eupa. Select the language based on your geographic location to see the EUPA that applies to your region.
Last updated: 2/5/18
232‐00xxxx‐00 Rev 01
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
SonicWall Web Application Firewall 2.0Release Notes
7
